Hi Ben,
Thanks for your reply. Do I understand correctly that as far as you can
see the setup of my Master Ad Account, the gmail account that owns it, the
Master Account that owns the Developer Token, the Google Workspace and the
Service Account is all OK?
Yes, I am using php curl to request and store the access token on my web
server. Here is the code, with a few redactions. The code is executed
every 6 minutes via cron, so the token is usually refreshed after 48
minutes.
*<?php*
*// Retrieve current token from file*
*$tokenJsonFile = file_get_contents('/**********/**********.json');*
*$tokenData = json_decode($tokenJsonFile);*
*$expiry = $tokenData->expiry;*
*$expiry_time = $expiry - time();*
*// Refresh token if < 15 minutes to expiry*
*if ($expiry_time < 900) {*
* // JWT Header*
* $JWTHead = '{"alg":"RS256","typ":"JWT"}';*
* $JWTHead = base64_encode($JWTHead);*
* // JWT Claim Data*
* $keyDataJsonFile = file_get_contents('/**********/**********.json');*
* $keyData = json_decode($keyDataJsonFile);*
* $iss = $keyData->client_email;*
*// $sub = $keyData->client_email;*
* $scope = "https://www.googleapis.com/auth/adwords";*
* $aud = $keyData->token_uri;*
* $iat = time();*
* $exp = $iat + 3600;*
*// $JWTClaim =
'{"iss":"'.$iss.'","sub":"'.$sub.'","scope":"'.$scope.'","aud":"'.$aud.'","iat":"'.$iat.'","exp":"'.$exp.'"}';*
* $JWTClaim =
'{"iss":"'.$iss.'","scope":"'.$scope.'","aud":"'.$aud.'","iat":"'.$iat.'","exp":"'.$exp.'"}';*
* $JWTClaim = base64_encode($JWTClaim);*
* // JWT Signature*
* $privateKey = $keyData->private_key;*
* openssl_sign(*
* $JWTHead.".".$JWTClaim,*
* $JWTSignature,*
* $privateKey,*
* "sha256WithRSAEncryption"*
* );*
* $JWTSignature = base64_encode($JWTSignature);*
* // Post Token Request*
* $curl = curl_init($aud);*
* $parms = [*
* 'grant_type' =>
'urn:ietf:params:oauth:grant-type:jwt-bearer',*
* 'assertion' =>
$JWTHead.".".$JWTClaim.".".$JWTSignature*
* ];*
* $data = http_build_query($parms);*
* curl_setopt($curl, CURLOPT_URL, $aud);*
* curl_setopt($curl, CURLOPT_POST, true);*
* curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);*
* curl_setopt($curl, CURLOPT_POSTFIELDS, $data);*
* $response = curl_exec($curl);*
* curl_close($curl);*
* $responseData = json_decode($response);*
* $access_token = $responseData->access_token;*
* // If token not granted send email*
* if (!isset($access_token)) {*
* $tomail = "**********";*
* $headers = 'From: **********';*
* $subject = "OAuth Token Not Granted: Response Data";*
* mail($tomail, $subject, var_dump($responseData), $headers);*
* } else {*
* // otherwise write new token data to file*
* $expires_in = $responseData->expires_in;*
* $token_type = $responseData->token_type;*
* $newExpiry = $iat + $expires_in; *
* $newTokenData = array(*
* "access_token"=>$access_token,*
* "expiry"=>$newExpiry,*
* "token_type"=>$token_type*
* );*
* $newTokenJson = json_encode($newTokenData);*
* file_put_contents(' /**********/**********.json ',
$newTokenJson);*
* }*
*}*
*?>*
I haven't tried using a client library - my general preference is not to
have to internalize the workings of another layer of software and its
attendant documentation unless there are convincing benefits to offset the
time investment.
Please let me know if there is anything else I can do to assist your
investigation.
Regards,
Martin
On Tuesday, November 30, 2021 at 10:43:58 PM UTC+2 adsapi wrote:
> Hi Martin,
>
> Apologies for the delayed response here. I'm still trying to determine the
> exact cause of this issue, but it's currently not quite clear. It doesn't
> appear related to how impersonation was set up.
>
> It looks like you're using curl to make these requests, right? Which means
> you must be manually generating an access token - could you share more
> details on how you're generating that token? Also, have you tried using a
> client library with these service account credentials?
>
> Thanks,
> Ben, Google Ads API Team
>
> ref:_00D1U1174p._5004Q2R74x8:ref
>
--
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to the Google Groups
"AdWords API and Google Ads API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/adwords-api/599bf746-92e9-438b-ad18-3bc26b1de123n%40googlegroups.com.
